Unrated severityNVD Advisory· Published Aug 20, 2013· Updated Jun 16, 2026
CVE-2013-4962
CVE-2013-4962
Description
The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.
Affected products
8cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*range: <=3.0.0
- cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.8.3:*:*:*:*:*:*:*
- (no CPE)range: <3.0.1
Patches
Vulnerability mechanics
References
1- puppetlabs.com/security/cve/cve-2013-4962/nvdVendor Advisory
News mentions
0No linked articles in our index yet.